<?php
/* Squawk Content Management System
"Crane"
Written by Max Morgan <max@cridiron.com>

Licensed under GPLv3 (See LICENSE.txt for details)

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>. */

// Post form processor
// Checks to see if everything's good for posting, then does
// the actual posting

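include('../includes.php');		// Global config file

// This script still targets ext/mysql (mysql_* functions), which exists only
// in PHP 5.x; $mysqlcon is expected to be the link resource opened there.

/**
 * Escape a string for use in HTML text or a single-quoted attribute.
 *
 * @param string $text
 * @return string
 */
function postproc_html($text)
{
	return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

/**
 * Read a field from the POST body, or '' when it was not submitted.
 *
 * Returning '' instead of letting an undefined index through keeps a
 * malformed request on the normal "not a valid user name" path rather
 * than producing notices.
 *
 * @param string $name
 * @return string
 */
function postproc_field($name)
{
	return isset($_POST[$name]) ? (string) $_POST[$name] : '';
}

/**
 * Wrap a page body in the site's standard XHTML frame (head + footer).
 *
 * Every value interpolated here must already be escaped by the caller;
 * this function adds no escaping of its own.
 *
 * @param string $title   Text for <title>
 * @param string $head    Extra markup for <head> (may be '')
 * @param string $body    Markup for <body>, placed above the footer
 * @param string $footer  Footer markup shared by all pages
 * @return string
 */
function postproc_page($title, $head, $body, $footer)
{
	return "
	<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
	<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
	<head>
	<meta http-equiv='Content-type' content='text/html;charset=UTF-8' /> 
	$head
	<title>$title</title>
	</head>
	<body>
	$body

	<!-- Begin footer -->
	<hr />	
	$footer
	<!-- End footer -->
	</body>
	</html>";
}

// Footer shared by every page this script can emit. $ccfooter and $VFooter
// are presumably defined by includes.php (site config, not user input).
$pageFooter = "<p>$ccfooter</p>
	<p><a href='http://validator.w3.org/check?uri=referer'>
	<img src='http://www.w3.org/Icons/valid-xhtml10' alt='Valid
	XHTML 1.0 Strict' height='31' width='88' style='border-style: none' /></a></p>
	<!-- Build version footer, remove it if you like -->
	<p><em>$VFooter</em></p>";

// Step 1: Check for database connectivity
if (!$mysqlcon)
{
	// Print SQL error for debugging. Note this exposes server-side detail
	// (host names, driver messages) to the visitor; a production deployment
	// should error_log() it and show a generic message instead.
	$sqlconfail = "Cannot connect to database: " . mysql_error();
	echo postproc_page("$SiteName - Error", '',
		"<p><a href='$BaseURL'><img src='$cclogo' alt='$SiteName' style='border-style: none' /></a></p>
	<p><em>$SiteMotto</em></p>
	<hr />

	<!-- Begin error report -->
	<p>Error:
	<br />" . postproc_html($sqlconfail) . "</p>
	<p>Please note, this is not an error with your browser, but rather on our end
	of things.</p>
	<p>Contact $admincta for assistance.</p>
	<!-- End error report -->",
		$pageFooter);
}

// Step 2: Grab data, write to database, make posting.
else
{
	// Set variables using data from POST ('' for any field that was not sent)
	$sTitle = postproc_field('ptitle');
	$sAuthr = postproc_field('pauth');
	$sPostf = postproc_field('ppost');
	$sUserf = postproc_field('puser');
	// NOTE(review): cdc_auth.pass stores an unsalted SHA-1, so the scheme is
	// kept here to match the stored values. It should migrate to
	// password_hash()/password_verify(), re-hashing on successful login.
	$sPaswd = sha1(postproc_field('ppass'));

	// Escape every value before it is placed in a query. The previous version
	// interpolated the user name, title and author into SQL unescaped.
	$qUserf = mysql_real_escape_string($sUserf, $mysqlcon);
	$qPaswd = mysql_real_escape_string($sPaswd, $mysqlcon);

	// Authenticate user. mysql_result() warns on an empty result set, so the
	// row count is checked first and a missing row becomes false.
	$Pchkuser = mysql_query("SELECT name FROM cdc_auth WHERE name = '$qUserf'", $mysqlcon);			// Run user existence check
	$Rchkuser = ($Pchkuser && mysql_num_rows($Pchkuser) > 0) ? mysql_result($Pchkuser, 0) : false;
	$Pchkpass = mysql_query("SELECT pass FROM cdc_auth WHERE pass = '$qPaswd' AND name = '$qUserf'", $mysqlcon);	// Verify password
	$Rchkpass = ($Pchkpass && mysql_num_rows($Pchkpass) > 0) ? mysql_result($Pchkpass, 0) : false;

	// If user does not exist.
	// The distinct "no such user" / "wrong password" replies let a visitor
	// confirm which user names exist; a single "invalid user name or
	// password" message would close that off.
	if ($Rchkuser !== $sUserf)
	{
		// The submitted login name ($sUserf) is what was rejected, so that is
		// what gets echoed back (escaped, since it is user-controlled).
		echo postproc_page("$SiteName - Error", '',
			"<p>We're sorry, but <strong><em>" . postproc_html($sUserf) . "</em></strong> isn't a valid user name. Go 
		<a href='javascript:history.back()'>back</a> and try again.</p>",
			$pageFooter);
	}

	// If wrong password is entered. Strict comparison: loose == on two
	// hex digests can compare them as numbers when both look like "0e...".
	elseif ($Rchkpass !== $sPaswd)
	{
		echo postproc_page("$SiteName - Error", '',
			"<p>Your password seems to be incorrect. Go <a href='javascript:history.back()'>back</a> and try again.</p>",
			$pageFooter);
	}

	// Everything looks good! Time to proceed
	else
	{
		// (The former lname lookup passed no row to mysql_result() and its
		// result was never used, so it is gone.)
		$qTitle = mysql_real_escape_string($sTitle, $mysqlcon);
		$qAuthr = mysql_real_escape_string($sAuthr, $mysqlcon);
		$qPostf = mysql_real_escape_string($sPostf, $mysqlcon);
		// NOTE(review): $dateunix is not set in this file; presumably it comes
		// from includes.php — confirm. An unset value is inserted as ''.
		$qDate  = mysql_real_escape_string(isset($dateunix) ? (string) $dateunix : '', $mysqlcon);

		// SQL: Create blog post (all values escaped above; category fixed at 1)
		$QmkPost = "INSERT INTO cdc_posts (title, date, auth, cat, body) VALUES (
			'$qTitle', '$qDate', '$qAuthr', 1, '$qPostf')";

		// For INSERT, mysql_query() returns true/false rather than a result
		// set, so mysql_num_rows() does not apply; check the boolean instead.
		$PmkPost = mysql_query($QmkPost, $mysqlcon);

		if ($PmkPost === false)
		{
			// Keep the driver message in the server log, not the response.
			error_log("Post insert failed: " . mysql_error($mysqlcon));
			echo postproc_page("$SiteName - Error", '',
				"<p>Sorry, the post could not be saved. Go <a href='javascript:history.back()'>back</a> and try again.</p>
		<p>Contact $admincta for assistance.</p>",
				$pageFooter);
		}
		else
		{
			echo postproc_page("$SiteName - Success!",
				"<meta http-equiv='refresh' content='2; url=$BaseURL' />",
				"<p>Post created. You should be redirected automatically; otherwise, go <a href='$BaseURL'>home</a>.</p>",
				$pageFooter);
		}
	}
}

// Close database connection (only when one was actually opened;
// mysql_close(false) would just emit a warning)
if ($mysqlcon)
{
	mysql_close($mysqlcon);
}

// Closing ?> intentionally omitted so trailing whitespace cannot be sent as output.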
